R13 — Data Exfiltration
What is Data Exfiltration?
An adversary or insider extracts sensitive data via email, web upload, cloud sync, removable media, or by pasting it into unsanctioned tools. DLP plus identity boundary controls (CASB, ZTNA) are the prevention layer; detection catches the staging behavior. Residual risk remains because covert channels (DNS, screenshots, photos of screens) cannot be fully closed. CISO Game tracks this as R13 in the live risk register, severity 9 (Catastrophic), category Data.
How does CISO Game model Data Exfiltration?
Exposure for R13 runs from 0 to 100, recomputed live as you buy, cancel, or reassign products.
Real-world parallel
Data exfiltration is the failure mode that turns a breach into a regulatory event. DLP (network + endpoint + cloud + email) is the technical control; data classification + minimization is the program-design lever (you can't exfiltrate data you didn't keep). The breach-disclosure clock is what the board actually feels — you have between 4 and 72 hours depending on jurisdiction.
How do security teams mitigate Data Exfiltration?
The dominant subscore levers for this risk are:
- Prevention subscore — weight 40%
- Detection subscore — weight 35%
- Identity subscore — weight 25%
Which investments mitigate Data Exfiltration?
Products in CISO Game that reduce exposure to R13:
- Advanced email security (anti-BEC) · Email Sec
- Network Detection & Response (NDR) · Network
- Secure Web Gateway (SWG) · Network
- Cloud Access Security Broker (CASB) · Network
- Mid-tier CNAPP · Cloud Sec
- Premium CNAPP (multi-cloud) · Cloud Sec
- Basic DLP (email + endpoint) · Data Sec
- Enterprise DLP with classification · Data Sec
Which related risks should you also watch?
Risks with similar dominant subscores or shared category — addressing one often helps the others:
- R42 Secrets / Key-Management Failure · Data · severity 8
- R14 Data Loss (accidental) · Data · severity 6
- R15 Cloud Misconfiguration · Data · severity 7
- R35 Post-Quantum Cryptographic Risk · Data · severity 6
Why does Data Exfiltration matter to a CISO?
Data risk is what shows up in the news and the regulator's letter. Data Exfiltration compounds with disclosure timing, customer-trust impact, and downstream litigation.
How can you test your mitigation strategy?
Click "Play CISO Game free" to see R13 appear live in your risk register and watch each purchase move the exposure number in real time. No signup required.